Vulnerabilities > CVE-2005-2662 - Local Privilege Escalation vulnerability in MasqMail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message.
Vulnerable Configurations
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-848.NASL |
description | Jens Steube discovered two vulnerabilities in masqmail, a mailer for hosts without permanent internet connection. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2662 When sending failed mail messages, the address is not sanitised, which allows a local attacker to execute arbitrary commands as the mail user. - CAN-2005-2663 When opening the log file, masqmail does not relinquish privileges, which allows a local attacker to overwrite arbitrary files via a symlink attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19956 |
published | 2005-10-11 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19956 |
title | Debian DSA-848-1 : masqmail - several vulnerabilities |
code |
|
References
- http://secunia.com/advisories/16883
- http://secunia.com/advisories/17109
- http://www.debian.org/security/2005/dsa-848
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:168
- http://www.osvdb.org/displayvuln.php?osvdb_id=19583
- http://www.securityfocus.com/bid/14890
- http://www.vupen.com/english/advisories/2005/1807
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22346